rndc: don't test hmac-md5 in FIPS mode

HMACMD5 is not permitted in FIPS mode.  Only test HMACMD5 when not
in FIPS mode.

bin/tests/system/rndc/setup.sh

@@ -41,11 +41,14 @@ copy_setports ns5/named.conf.in ns5/named.conf
 copy_setports ns6/named.conf.in ns6/named.conf
 copy_setports ns7/named.conf.in ns7/named.conf
 
+keyset=
 make_key () {
     $RNDCCONFGEN -k key$1 -A $3 -s 10.53.0.4 -p $2 \
             > ns4/key${1}.conf 2> /dev/null
     grep -E -v '(^# Start|^# End|^# Use|^[^#])' ns4/key$1.conf | cut -c3- | \
             sed 's/allow { 10.53.0.4/allow { any/' >> ns4/named.conf
+    key='"'key$1'";'
+    keyset="$keyset $key"
 }
 
 $FEATURETEST --md5 && make_key 1 ${EXTRAPORT1} hmac-md5
@@ -59,7 +62,6 @@ cat >> ns4/named.conf <<- EOF
 
 controls {
 	inet 10.53.0.4 port ${EXTRAPORT7}
-		allow { any; } keys { "key1"; "key2"; "key3";
-                                      "key4"; "key5"; "key6"; };
+		allow { any; } keys { $keyset };
 };
 EOF

bin/tests/system/rndc/tests.sh

@@ -424,6 +424,7 @@ echo_i "testing single control channel with multiple algorithms ($n)"
 ret=0
 for i in 1 2 3 4 5 6
 do
+	test $i = 1 && $FEATURETEST --have-fips-mode && continue
 	$RNDC -s 10.53.0.4 -p ${EXTRAPORT7} -c ns4/key${i}.conf status > /dev/null 2>&1 || ret=1
 done
 if [ $ret != 0 ]; then echo_i "failed"; fi

bin/tests/system/tsig/clean.sh

@@ -18,6 +18,7 @@
 rm -f dig.out.*
 rm -f */named.memstats
 rm -f */named.conf
+rm -f ns1/named-fips.conf
 rm -f */named.run
 rm -f ns*/named.lock
 rm -f Kexample.net.*